Hello friend! (At least I’m going to assume you are my friend. If you found your way here this is statistically likely as this is an ongoing project related to my job more than my blog.)
The reason I’m doing this is because I felt I needed to collect my most-often-given software advice in one handy resource. I could go around handing out USBs, but to be honest I want to teach not accepting a USB from a stranger and installing stuff from it. That’s pretty bad security.
If the list below doesn’t contain enough explanation of each tool for you, it’s because you haven’t attended a training I’ve facilitated. Or maybe I didn’t mention something at the training you were at, because it didn’t fit with your threat model.
Either way, here are download links for the stuff I’ve talked about! I’m assuming you’re a Windows user, but if you are not I’ve included some Macintosh links below as well.
Maintaining your computer
- Malwarebytes Anti-Malware to scan for digital threats
- This does not run in the background and you need to run it manually. Make it part of your weekly backup routine!
- CCleaner for Windows or for Mac OSX to keep your computer clean and running smoothly
- If you are very careful, under “Tools” you can find “Drive Wiper” which lets you securely remove all traces of deleted files on your computer. Make sure you select “Free Space Only” and NOT “Entire Drive”!
Chat and surf
- Tor Browser Bundle when you need to surf the web anonymously
- CryptoCat to chat with your friends and colleagues securely
- Jitsi is another tool to chat securely, but it requires care to use (remember to turn on OTR!)
- KeepassX can store your passwords in a secure file
- Make sure you use a very secure master password!
- Chrome is a very good web browser that I recommend
- And remember to install uBlock Origin to remove advertisments and block a lot of potential malware!
- Winauth lets you generate 2-factor authentication codes on your computer, which is useful if you have a shared social media account for your organization (since it lets you share the underlying secret with others!), or if you don’t have a smartphone to run Google Authenticator on
- Process Explorer is a tool to see exactly what you computer is doing—which processes have which libraries loaded, which other processes they have spawned, and so on. If this makes no sense to you, it’s not a tool you will likely have any use for
- Twofactorauth.org has a list of all services supporting 2-factor authentication—check if you can enable it on the services you rely on!
- With Diceware you can create high-quality passwords using only offline tools: pen, paper, a word list and a few dice
- The grugq’s posts on operational security are an excellent source of well-informed (if a bit controversial, sometimes) opinion on how to do secret work
- On the topic of secret work, the manual How to Master Secret Work is a classic, well worth a read—though it’s from the 70’s and doesn’t cover computers at all!
Really advanced stuff
- Tails is a complete operating system you put on a flash drive, which lets you hide a lot of your activities if you use it right
Some other things…
Working offline in Google Drive
So, sometimes you are in a situation where you need to store your files outside of your computer. Maybe even work on them outside of your computer. This is where Google Drive shines—if you have a Google account (a Gmail account, or a Google+ account) you have access to Google’s Docs, Sheets, Slides and Drive services as well. Since you save the documents on Google’s servers, and work with them on Google’s servers, they are never saved on your computer.
However, sometimes you need to work on them when you’re offline. Then you can follow this guide to save the documents in Chrome for offline editing. It’s really that simple.